Hacker News new | past | comments | ask | show | jobs | submit login

In this specific context, there was a third way to fix the issue:

3. Click "Deny" when the app explicitly has Google's OAuth flow ask if you want to give it permission to read, create, and delete all of your email.

Well, of course. One could ask "What did he think was going to happen when he installed a 3rd party mail reader?"

Thing is, encrypted mail and trusted clients means you could store your email at supersketchy.ru and it wouldn't matter. It's the way to make those kinds of choices safe, Or, rether, just having permissions doesn't security is adequate.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact